0xThiebaut
DFIR & RE at @NVISOsecurity . Bringing custom tools to custom problems.
@NVISOsecurity Belgium
Pinned Repositories
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active D
ctfd-koth
A CTFd King of the Hill binary.
dnsbeat
An Elasticsearch Beat to monitor DNS zones through customizable zone transfers.
dnsbeat-poc
A proof-of-concept for 0xThiebaut/dnsbeat.
IDA
⚙️ Things I used in IDA...
mdeproxy
Microsoft Defender for Endpoint Proxy (Device Timeline, ...)
PCAPeek
A proof-of-concept re-assembler for reverse VNC traffic.
sigmai
Import specific data sources into the Sigma generic and open signature format.
Signatures
🚧 Currently transferring TLP:CLEAR rules from TLP:AMBER repository...
Zipit
A Firefox extension to encrypt files downloaded through Microsoft 365 Defender's Live Response Sessions.
0xThiebaut's Repositories
0xThiebaut/PCAPeek
A proof-of-concept re-assembler for reverse VNC traffic.
0xThiebaut/Signatures
🚧 Currently transferring TLP:CLEAR rules from TLP:AMBER repository...
0xThiebaut/mdeproxy
Microsoft Defender for Endpoint Proxy (Device Timeline, ...)
0xThiebaut/IDA
⚙️ Things I used in IDA...
0xThiebaut/CCCS-Yara
YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA
0xThiebaut/CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
0xThiebaut/DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
0xThiebaut/DidierStevensSuite
Please no pull requests for this repository. Thanks!
0xThiebaut/elastic-agent-system-metrics
0xThiebaut/FortilogDecoder
0xThiebaut/IvantiInitrdDecryptor
0xThiebaut/libtorrent
an efficient feature complete C++ bittorrent implementation
0xThiebaut/malduck
:duck: Malduck is your ducky companion in malware analysis journeys
0xThiebaut/mwdb-core
Malware repository component for samples & static configuration with REST API interface.
0xThiebaut/opnsense-core
OPNsense GUI, API and systems backend
0xThiebaut/opnsense-plugins
OPNsense plugin collection
0xThiebaut/opnsense-ports
OPNsense ports on top of FreeBSD
0xThiebaut/opnsense-tools
OPNsense release engineering toolkit
0xThiebaut/qBittorrent
qBittorrent BitTorrent client
0xThiebaut/signature-base
YARA signature and IOC database for my scanners and tools
0xThiebaut/speakeasy
Windows kernel and user mode emulation.
0xThiebaut/SQLiteHunter
Hunt for SQLite files used by various applications
0xThiebaut/The-DFIR-Report-Sigma
The DFIR Report's Sigma Rules
0xThiebaut/Tools
Tools and scripts
0xThiebaut/traefik-helm-chart
Traefik Proxy Helm Chart
0xThiebaut/uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
0xThiebaut/velociraptor
Digging Deeper....
0xThiebaut/winget-pkgs
The Microsoft community Windows Package Manager manifest repository
0xThiebaut/wireproxy
Wireguard client that exposes itself as a socks5 proxy
0xThiebaut/yara-x
A rewrite of YARA in Rust.